diff --git a/src/cli/mysql_admutils_compatibility/mysql_dbadm.rs b/src/cli/mysql_admutils_compatibility/mysql_dbadm.rs
index 5167cb1..bfca452 100644
--- a/src/cli/mysql_admutils_compatibility/mysql_dbadm.rs
+++ b/src/cli/mysql_admutils_compatibility/mysql_dbadm.rs
@@ -143,6 +143,7 @@ pub struct EditPermArgs {
 pub database: MySQLDatabase,
 }
 
+/// **WARNING:** This function may be run with elevated privileges.
 pub fn main() -> anyhow::Result<()> {
 let args: Args = Args::parse();
 
diff --git a/src/cli/mysql_admutils_compatibility/mysql_useradm.rs b/src/cli/mysql_admutils_compatibility/mysql_useradm.rs
index 1618e09..b519553 100644
--- a/src/cli/mysql_admutils_compatibility/mysql_useradm.rs
+++ b/src/cli/mysql_admutils_compatibility/mysql_useradm.rs
@@ -108,6 +108,7 @@ pub struct ShowArgs {
 name: Vec,
 }
 
+/// **WARNING:** This function may be run with elevated privileges.
 pub fn main() -> anyhow::Result<()> {
 let args: Args = Args::parse();
 
diff --git a/src/core/bootstrap.rs b/src/core/bootstrap.rs
index ed1595f..a3a7e9e 100644
--- a/src/core/bootstrap.rs
+++ b/src/core/bootstrap.rs
@@ -59,6 +59,8 @@ fn will_connect_to_external_server(
 /// Note that this function is also responsible for setting up logging,
 /// because in the case of an internal server, we need to drop privileges
 /// before we can initialize logging.
+///
+/// **WARNING:** This function may be run with elevated privileges.
 pub fn bootstrap_server_connection_and_drop_privileges(
 server_socket_path: Option,
 config: Option,
diff --git a/src/main.rs b/src/main.rs
index 9f3768e..4b7fabd 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -106,9 +106,7 @@ enum ToplevelCommands {
 MysqlUseradm,
 }
 
-// TODO: tag all functions that are run with elevated privileges with
-// comments emphasizing the need for caution.
-
+/// **WARNING:** This function may be run with elevated privileges.
 fn main() -> anyhow::Result<()> {
 #[cfg(feature = "mysql-admutils-compatibility")]
 if handle_mysql_admutils_command()?.is_some() {
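Review bot: The warning added above `main` in mysql_dbadm.rs says the function may run elevated but not what a maintainer has to avoid or where the privileged section ends, and the same one-line tag is repeated verbatim in mysql_useradm.rs and on `main`, `handle_mysql_admutils_command`, `handle_server_command` and `handle_generate_completions_command` in src/main.rs. A tag that names the boundary is easier to act on, for example `/// **WARNING:** May run with elevated privileges, i.e. before bootstrap_server_connection_and_drop_privileges has returned; treat argv, environment and caller-supplied paths as untrusted here.` That the drop happens in that function is inferred from its name and doc comment in src/core/bootstrap.rs, so confirm it before adopting the wording. `main` continues past the end of this hunk.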
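Review bot: On `bootstrap_server_connection_and_drop_privileges` in src/core/bootstrap.rs the new warning does not say where in the body privileges are dropped, although by its name this is the function that ends the privileged section. `server_socket_path` and `config` look like caller-supplied paths, so the doc comment should state which of them, if any, is opened before the drop and why that is safe. If the body matches, a line such as `/// Everything before the privilege drop in this function runs elevated; caller-supplied paths are only opened after it.` would record the invariant. The body is outside this hunk, so the order of operations could not be checked here.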
@@ -136,6 +134,7 @@ fn main() -> anyhow::Result<()> {
 Ok(())
 }
 
+/// **WARNING:** This function may be run with elevated privileges.
 fn handle_mysql_admutils_command() -> anyhow::Result> {
 let argv0 = std::env::args().next().and_then(|s| {
 PathBuf::from(s)
@@ -150,6 +149,7 @@ fn handle_mysql_admutils_command() -> anyhow::Result> {
 }
 }
 
+/// **WARNING:** This function may be run with elevated privileges.
 fn handle_server_command(args: &Args) -> anyhow::Result> {
 match args.command {
 Command::Server(ref command) => {
@@ -169,6 +169,7 @@ fn handle_server_command(args: &Args) -> anyhow::Result> {
 }
 }
 
+/// **WARNING:** This function may be run with elevated privileges.
 fn handle_generate_completions_command(args: &Args) -> anyhow::Result> {
 match args.command {
 Command::GenerateCompletions(ref completion_args) => {
@@ -199,6 +200,7 @@ fn handle_generate_completions_command(args: &Args) -> anyhow::Result
 }
 }
 
+/// Start a long-lived server using Tokio.
 fn tokio_start_server(
 server_socket_path: Option,
 config_path: Option,
@@ -214,6 +216,9 @@ fn tokio_start_server(
 })
 }
 
+/// Run the given commmand (from the client side) using Tokio.
+///
+/// **WARNING:** This function may be run with elevated privileges.
 fn tokio_run_command(command: Command, server_connection: StdUnixStream) -> anyhow::Result<()> {
 tokio::runtime::Builder::new_current_thread()
 .enable_all()
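Review bot: `handle_mysql_admutils_command` is now tagged as possibly running elevated, yet its first statement reads argv[0] through `std::env::args()`, which panics during iteration when an argument is not valid Unicode, and argv[0] is chosen by the caller. Since the value goes straight into `PathBuf::from`, `let argv0 = std::env::args_os().next().and_then(|s| {` removes that panic path without changing the first step of the closure. The rest of the closure is outside this hunk, so any later string conversion there would need checking. The doc comment could also state that the dispatch is driven by an untrusted argv[0].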
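Review bot: `tokio_start_server` gets a summary line but, unlike every other function touched in src/main.rs, no statement about privileges, so a reader cannot tell whether it was reviewed and found safe or simply skipped. If privileges are already dropped by the time the server starts, say so with `/// Privileges are expected to have been dropped before this is called.` If they are not, it needs the same warning as its neighbours. Only the signature and the end of the body are visible in these hunks.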
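Review bot: The new summary line on `tokio_run_command` has a typo, `commmand`; it should read `/// Run the given command (from the client side) using Tokio.` Separately, `server_connection` is presumably the stream produced by `bootstrap_server_connection_and_drop_privileges`, in which case privileges would already be dropped here and the warning overstates the risk. That is worth confirming, then adjusting either the warning or the call order. The function body continues past the hunk.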